My Threat Intelligence is Bigger than Yours

The FS ISAC (Financial Services Information Sharing and Analysis Center) 2014 wrapped up its spring conference this week in beautiful Amelia Island, just outside of Jacksonville, Florida. In a race to be the winner of the “Battle of the Industry Buzzwords,” “intelligence” was mentioned 48 times throughout the published agenda versus the term APT (Advanced Persistent Threat), which clocked in at a measly six times. “Big Data” was also way behind in this game of buzzword bingo. I see this as a very positive sign for the industry. Without question there was a concerted effort to focus on contextual threat intelligence collection, transformation, distribution, and consumption among peers. This critical infrastructure group continues to take security seriously and has for many years. Most wouldn’t dispute that they are the most evolved and have done the best job of investing a significant amount of time and money to fight fraud, money laundering, cybercrime and any actors looking to disrupt their respective businesses.

It was also fascinating to see the FS ISAC take an apparent leadership role in working with the retail sector on developing strong sharing and collaboration practices in the wake of the most recent retail heists such as Target, Neiman Marcus and Michaels. FS ISAC is engaging the National Retail Federation (NRF) to find ways to better mitigate cybercrime incidents as well as work more collaboratively on incident response. I applaud both groups for continuing this important dialog and showing the leadership required to implement effective strategies and solutions. Additionally, Target formally announced on March 6th that it had joined the FS ISAC as a member of its community.

I definitely contributed to the buzzword madness as my talk focused on “Putting the Intelligence Back in Threat Intelligence.” In all seriousness, we had a great conversation on how organizations truly need to get their arms around what they need to protect. The Alpha and the Omega is protecting business-critical data as well as ensuring customer privacy. This starts with the fundamental basics of data classification per the business’ requirements. Many organizations big and small struggle with this mightily, and that is the first place to really roll up the sleeves and conduct due diligence to implement data classification policies and procedures. From there, organizations move into defining asset and configuration management, which are the key variables that process and manipulate the very data that needs to be protected.

Also in our session, we emphasized the need to make sure your organization is mature enough with its people, process and technology to discern if you are even ready to take on third-party threat intelligence, consume it and process it in such a way that you can operationalize the intelligence. Essentially, no organization wants to take on another initiative that is “unfunded” from a resources perspective, and thus fail to benefit from the intelligence it is collecting. A quick survey of the crowd indicated that their threat intelligence and management efforts were well underway, while almost half in the session said they were in the planning phases or not contemplating a threat intelligence or management initiative at all. I think this is where the “Avalanche” project that is in development will assist those organizations that might not have the horsepower to run their own extensive threat management and intelligence ecosystems. It will take the entire community to be able to “level up” against the latest threat actors and evolving threat landscape.

After sitting through many of the sessions and talking with various executives at the conference, I was able to walk away with a couple of key themes. These themes come in the form of business challenges, technical execution and industry collaboration to achieve common goals in the realm of cybersecurity. I very much appreciated the opportunity to be a part of the FS ISAC 2014 spring conference and look forward to future events as a participant as well as a speaker talking about how we can tackle cyber challenges collectively. In closing, to quote Forrester analyst Rick Holland, don’t forget that “my threat intelligence can beat up your threat intelligence!”